package com.dhcy.mqtt.config;


import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {


    @Bean
    public JWTFilter jwtFilter() {
        return new JWTFilter();
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager,JWTFilter jwtFilter){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        // 必须设置 SecurityManager
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        // 登录成功后要跳转的链接
        shiroFilterFactoryBean.setSuccessUrl("/");
        //未授权界面;
        shiroFilterFactoryBean.setUnauthorizedUrl("/admin/403");



        /*重要，设置自定义拦截器，当访问某些自定义url时，使用这个filter进行验证*/
        // 自定义过滤器
        Map<String, Filter> filterMap = shiroFilterFactoryBean.getFilters();
        filterMap.put("jwtFilter", jwtFilter);
        shiroFilterFactoryBean.setFilters(filterMap);

        //拦截器.
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<String, String>();
        //配置退出过滤器,其中的具体的退出代码Shiro已经替我们实现了
        filterChainDefinitionMap.put("/logout", "logout");

        //<!-- 过滤链定义，从上向下顺序执行，一般将 /**放在最为下边 -->
        //<!-- authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问-->
        filterChainDefinitionMap.put("/ht/**", "jwtFilter");
        filterChainDefinitionMap.put("/static/**","anon");
        filterChainDefinitionMap.put("/templates/**","anon");
        filterChainDefinitionMap.put("/js/**","anon");   // anon  Set as a public resource
        filterChainDefinitionMap.put("/css/**","anon");   // anon  Set as a public resource
        filterChainDefinitionMap.put("/bootstrap/**/**","anon");   // anon  Set as a public resource
        filterChainDefinitionMap.put("/images/**","anon");   // anon  Set as a public resource
        filterChainDefinitionMap.put("/sysUser/login.json", "anon");
        filterChainDefinitionMap.put("/onlineData/add", "anon");
        filterChainDefinitionMap.put("/js/**", "anon");
        filterChainDefinitionMap.put("/wx/**", "anon");
        filterChainDefinitionMap.put("/css/**", "anon");
        filterChainDefinitionMap.put("/images/**", "anon");
        filterChainDefinitionMap.put("/jzfw/**", "anon");
        filterChainDefinitionMap.put("/lib/**", "anon");
        filterChainDefinitionMap.put("/api/**", "anon");
        filterChainDefinitionMap.put("/ht/equipmentAdd.json", "anon");
        filterChainDefinitionMap.put("/ht/asynEquipment.json", "anon");
        filterChainDefinitionMap.put("/ht/equipmentPush.json", "anon");
        filterChainDefinitionMap.put("/mqtt/sendToTopic", "anon");
        filterChainDefinitionMap.put("/sysUser/login.json", "anon");
        filterChainDefinitionMap.put("/sysUser/login.json", "anon");
        filterChainDefinitionMap.put("/onlineData/**", "anon");
        filterChainDefinitionMap.put("/sysUser/user/login.json", "anon");
        //swagger相关
        filterChainDefinitionMap.put("/favicon.ico","anon");
        filterChainDefinitionMap.put("/swagger-ui.html","anon");
        filterChainDefinitionMap.put("/webjars/**", "anon");
        filterChainDefinitionMap.put("/v2/**", "anon");
        filterChainDefinitionMap.put("/swagger-resources/**", "anon");

        filterChainDefinitionMap.put("/**", "authc");

        // filterChainDefinitionMap.put("/**", "user");
        // 如果不设置默认会自动寻找Web工程根目录下的"/login.jsp"页面
        shiroFilterFactoryBean.setLoginUrl("/page/login");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }

    @Bean(name = "rememberMeManager")
    public RememberMeManager myRememberMeManager(){
        CookieRememberMeManager rememberMeManager=new CookieRememberMeManager();
        rememberMeManager.setCipherKey(Base64.decode("Z3VucwAAAAAAAAAAAAAAAABBB=="));
        SimpleCookie simpleCookie=new SimpleCookie("remberMe");
        simpleCookie.setMaxAge(24*60*60*1000);
        rememberMeManager.setCookie(simpleCookie);
        return  rememberMeManager;

    }


    @Bean(name = "securityManager")
    public SecurityManager securityManager(RememberMeManager rememberMeManager,MyShiroRealm myShiroRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        myShiroRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        securityManager.setRealm(myShiroRealm);
        securityManager.setRememberMeManager(rememberMeManager);
        return securityManager;
    }
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        hashedCredentialsMatcher.setHashAlgorithmName("md5");//散列算法:这里使用MD5算法;
        hashedCredentialsMatcher.setHashIterations(2);//散列的次数，比如散列两次，相当于 md5(md5(""));
        return hashedCredentialsMatcher;
    }


}

